Wired: The Romanian Teen Hacker Who Hunts Bugs to Resist the Dark Side

alex-coltuneac-582x385”It’s 3 AM, and his eyes are almost closed. The pack of gummy bears on his desk is empty. So’s the Chinese takeout box. Romanian white hat hacker Alex Coltuneac has had three hours of sleep tonight. And last night. And the night before that. He’s busy trying to find a vulnerability in YouTube live chat, which he plans to report to the company and hopefully get some money in return. None of the bugs he has discovered in the past few days electrifies him, so he keeps digging”, reports Andrada Fiscutean for Wired.com.


In the past four years, Coltuneac has gotten bug bounty payments from Google, Facebook, Microsoft, Adobe, Yahoo, eBay, and PayPal for flaws he reported. Such bounty programs are a chance for Eastern European hackers like him to pursue a legitimate career in cybersecurity.

And he’s only 19 years old. In a country better known for cybercrime, the teenager is part of small but growing cohort of hackers who are deciding to play it nice. This is a departure for the hacking community of Romania, known for such hits as the hackers Hackerville and Guccifer, and fraudsters who steal money from American bank accounts, perpetrate eBay frauds, and land themselves on the FBI’s most wanted list.

Coltuneac is a freshman at the Babes-Bolyai University in Cluj-Napoca, where he learns Computer Science taught in English. Raised by a family who emphasized honest values, he started using a computer when his was 6. First, he taught himself how to play games, but as he got older he began to see the computer’s potential as a tool to make money. He spent his early teenage years watching fellow Romanian hackers make astounding sums of money selling exploits on the black market. They were able to rake in thousands of US dollars with just a few clicks, far more than Coltuneac’s parents made in a month.  He was a good kid, from a good family. He didn’t want to join them. But he did want to pay for college.

The allure of that life was powerful.

Which is why he was so grateful to find out about bug bounty programs when he was 15. They pay enough to  keep his conscience clear and his bank account full. Bounties cover the cost his education and living expenses, so “there’s no excuse to break the law,” he said.

Coltuneac won’t say how much he earns as a vulnerability hunter, yet gifted white hat hackers doing the same kind of job brag about making in a lucky month about $6,000. That’s how much an ordinary Romanian earns in a year. The average take home pay in the country was about $520 a month this March, one of the lowest in the European Union.

On the white market, a flaw found and reported legitimately is priced at a few hundred dollars, enough for Coltuneac to pay his rent this month. Sensitive ones are often rewarded with several thousand dollars. In very few cases, the bounty exceeds $100,000. He’s constantly hoping to find one of those. And that sum is still far less than what he would get if he sold the same vulnerabilities on the gray or black markets. (Gray markets sell exploits to nations and corporations to use against their foe; black markets sell to the highest bidder, often criminals.) Zerodium, a gray hat vulnerability broker working with law enforcement and intelligence agencies, awards a hacker up to $500,000 for a high-risk bug with fully functional exploit.


Read more HERE





Leave a Reply

Your email address will not be published. Required fields are marked *

1 × one =